FROSMO compliance with the General Data Protection Regulation

As of 25 May 2018, FROSMO must comply with the enforceable EU General Data Protection Regulation (GDPR). According to the definitions of the regulation, FROSMO is a data processor, processing personal data on behalf of its customers. This means that the legitimate and specific purpose for collecting personal data through the Frosmo platform is always determined by the customer.

FROSMO, as a data processor, is committed to assisting its customers in the responsibilities regarding any personal data collected through the Frosmo platform.

Collecting and processing data

The Frosmo JavaScript library collects usage data in the visitor’s browser and sends the data to the Frosmo back end over an HTTPS connection. The library sends the data in the background so as not to interfere with the visitor’s user experience. The Frosmo JavaScript library also stores selected data locally in the browser.

The Frosmo JavaScript library handles the operations on the customer site but does not contain any data in itself.

By default, the Frosmo platform collects and processes only anonymous and pseudonymous information about visitors and their behavior on a website. The platform does not collect data that in itself enables the identification of an individual data subject.

The Frosmo platform can collect additional information about visitors. However, the processing of such data must always be determined by the customer and explicitly documented.

Access and removal of data

FROSMO, as a data processor, always handles requests related to a specific data subject’s access to their own personal data through the customer acting as the data controller regarding the specific site. Any personal data will be delivered only based on a written request or instructions given by a customer to FROSMO.

When a data subject refuses profiling on a site, the Frosmo platform discontinues all profiling for the corresponding Frosmo visitor ID.

When a data subject requests deletion of their personal data, processing any data related to the specific visitor ID ceases immediately. The platform does this by setting a cookie in the visitor’s browser that prevents the use of the platform. The data is then removed from the Frosmo systems according to the normal data retention cycle.